Uploaded image for project: 'Wicket'
  1. Wicket
  2. WICKET-5308

AuthenticatedWebSession#authenticate should be protected, not public

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 6.9.1, 7.0.0-M1
    • Fix Version/s: 7.0.0-M1
    • Component/s: wicket-auth-roles
    • Labels:
      None

      Description

      A common source of confusion in trainings is that when implementing security using wicket-auth-roles, you have to implement #authenticate in your own session class, but in the login form's #onSubmit you have to call #signIn.

      Both #authenticate and #signIn are public and both have identical signatures. Their names mean basically the same thing too. This is rather error-prone.

      I propose changing the visibility of #authenticate to protected. That way, it will still work the same as it does now, except it won't show up in code-completion anymore and won't compete with #signIn anymore.

      This should not be an API break, since #authenticate is abstract anyway and is always implemented in user code. Raising visibility from protected to public is always legal, so user code should not break from this change.

      Opinions?

        Attachments

          Activity

            People

            • Assignee:
              cmenzel Carl-Eric Menzel
              Reporter:
              cmenzel Carl-Eric Menzel
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: